October 22nd, 2003, 08:31 PM
wireless network setup at a cafe
I need to setup a wireless network(for internet) at a coffeehouse. Customers will be able to log on for free. However, I still want them to log on before they can surf. This will hopefully prevent non customers with a wireless card from just surfing. Can anyone give me some tips on how to accomplish this?
October 22nd, 2003, 08:36 PM
On most wireless recivers you can setup a password and encrytpion to secure the wireless network. The down side to this is your customers wireless cards would have to be configured to log on to the network, which might change their settings to their home network.
A better way to do this is use a proxy that will filter mac address. This way a customer could registar there mac address with you, but use automatic settings to log on to your network. This way I believe would work much better because most peoples home networks are configured to automatically log on to network, which would make it easier to use your network.
Hope this makes sense, I'm sure other users could elaborate on it.
October 22nd, 2003, 08:58 PM
You will need to use wireless access points that provide more security than what you get with standard WEP. The enterasys roamabout platform have some good devices that may do what you need. I'm sure cisco and the other large vendors have WAPs that will allow you to setup an authentication method.
October 22nd, 2003, 08:59 PM
Or you can set up a proxy server and use proxy authentication. You can then change the username/password combo every day in your cafe and give them out to those who need them.
I am pretty sure squid support proxy_auth.
October 22nd, 2003, 09:02 PM
thanks for replying. I like the idea of having a proxy that would filter mac addresses. Is this something that can be done with a wireless router or would i need an external program to do this for me? If i need an external program to do this, does anyone have any suggestions.
October 22nd, 2003, 09:16 PM
Maybe this will help, but I don't have a wireless setup, so this is where I leave off.
October 23rd, 2003, 02:17 AM
Heres a recommendation...you can try using a program like websense, if you are going to use a cisco pix firewall for security or a cisco pix router for internet connectivity there is some support for other devices but i dont know what they are. if you use a router, make sure it supports the IP Firewall feature which will support websense. a firewall automatically supports it. websense enterprise allows user authentication, which forces a user to enter a user/pass when he opens http, ftp, etc...it will also do content filtering so you dont have people going to porn sites or to sites you dont want them going to...
October 24th, 2003, 06:29 PM
Check out this site. They seem to have a fairly cool way of authenticating users for environments similar to the one you are setting up. I have not tried it so I can't say how easy/hard it is, or how well it works, but, check it out.
Apparently what you do is set up a linux box(or something) behind the access point, with the no cat software installed, and iptables configured with it, when a user tries to access the wireless, they are unable to do so unless they have authenticated(they can use the wireless, but just can't go anywhere because iptables will not let them). In order to authenticate they just open a web browser and attempt to load their home page, they are automatically redirected to the login page for nocatauth(over ssl I believe so no worries about having passwords sniffed, at least not as many) where they can login, or not. There appear to be several different ways you can configure the permisions.
You do not use WEP so any traffic can be sniffed/monitored, except for the authentication to nocat, which as stated can be configured(or maybe has to be) to use ssl.
October 24th, 2003, 07:15 PM
If you plan to offer the access for free, I dont think its worth cost of securing the network. You may find that offering it free to anyone will actually provide a way to draw in customers. Someone surfing will probably be tempted to grab a hot cup of joe while they are at it.
\"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier